Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Validating PowerShell PSCredential

Tags:

security

powershell

Let's say I have a PSCrendential object in PowerShell that I created using Get-Credential.

How can I validate the input against Active Directory ?

By now I found this way, but I feel it's a bit ugly :

[void][System.Reflection.Assembly]::LoadWithPartialName("System.DirectoryServices.AccountManagement")


function Validate-Credentials([System.Management.Automation.PSCredential]$credentials)
{
    $pctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Domain, "domain")
    $nc = $credentials.GetNetworkCredential()
    return $pctx.ValidateCredentials($nc.UserName, $nc.Password)
}

$credentials = Get-Credential

Validate-Credentials $credentials

[Edit, two years later] For future readers, please note that Test-Credential or Test-PSCredential are better names, because Validate is not a valid powershell verb (see Get-Verb)

like image 992
Steve B Avatar asked May 29 '12 16:05

Steve B

2 Answers

I was having a similar issue with an installer and required to verify the service account details supplied. I wanted to avoid using the AD module in Powershell as I wasn't 100% this would be installed on the machine running the script.

I did the test using the below, it is slightly dirty but it does work.

try{
    start-process -Credential $c -FilePath ping -WindowStyle Hidden
} catch {
    write-error $_.Exception.Message
    break
}
like image 27
xenon8 Avatar answered Oct 26 '22 16:10

xenon8

I believe using System.DirectoryServices.AccountManagement is the less ugly way:

This is using ADSI (more ugly?):

$cred = Get-Credential #Read credentials
$username = $cred.username
$password = $cred.GetNetworkCredential().password

# Get current domain using logged-on user's credentials
$CurrentDomain = "LDAP://" + ([ADSI]"").distinguishedName
$domain = New-Object System.DirectoryServices.DirectoryEntry($CurrentDomain,$UserName,$Password)

if ($domain.name -eq $null)
{
 write-host "Authentication failed - please verify your username and password."
 exit #terminate the script.
}
else
{
 write-host "Successfully authenticated with domain $domain.name"
}
like image 93
CB. Avatar answered Oct 26 '22 16:10

CB.
Sign in to Comment

Related questions

What's best way to secure a database connection string?
Preventing the Osama Facebook worm [closed]
Dynamically running ClamAV's clamscan on file uploads with PHP
How to detect if an iframe is accessible without triggering an error?
Encrypting or scrubbing Rails log files
What is {${phpinfo()}} called? (Remote Command Execution related)
Securing WIFI for a web application
Objective C: Unable to fetch SecKeyRef from PEM private key
Erase keychain data if device is jail broken
USSD secure or not?
Does Java Web Start require that the Java browser plug-in is enabled?
Web application access user's file system
How to verify POST data is sent from Android app with correct SHA1 signature?
Is .textContent completely secure?
How to Digitally "Sign" a document
wcf net.tcp using SSL
Is the Rails default CSRF protection insecure?
Password salts: prepending vs. appending
Is there access control for CouchDB databases like PostgreSQL and MySQL privilege management?
Does PHP's FILTER_VALIDATE_EMAIL provide adequate security?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!